part #2

2026-02-04 19:59:20 +02:00
parent 557feefdc3
commit 5548cf83bf
1479 changed files with 53557 additions and 40339 deletions
--- a/src/__Libraries/StellaOps.Evidence/Models/AttestationEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/AttestationEvidence.cs
@@ -0,0 +1,10 @@
+namespace StellaOps.Evidence.Models;
+
+public sealed record AttestationEvidence(
+    string AttestationId,
+    string Type,
+    string Digest,
+    string SignerKeyId,
+    bool SignatureValid,
+    DateTimeOffset SignedAt,
+    string? RekorLogIndex);
--- a/src/__Libraries/StellaOps.Evidence/Models/EvidenceIndex.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/EvidenceIndex.cs
@@ -1,4 +1,4 @@
-using System.Collections.Immutable;
+using System.Collections.Immutable;

 namespace StellaOps.Evidence.Models;

@@ -20,83 +20,3 @@ public sealed record EvidenceIndex
    public required DateTimeOffset CreatedAt { get; init; }
    public string? IndexDigest { get; init; }
 }
-
-public sealed record VerdictReference(
-    string VerdictId,
-    string Digest,
-    VerdictOutcome Outcome,
-    string? PolicyVersion);
-
-public enum VerdictOutcome
-{
-    Pass,
-    Fail,
-    Warn,
-    Unknown
-}
-
-public sealed record SbomEvidence(
-    string SbomId,
-    string Format,
-    string Digest,
-    string? Uri,
-    int ComponentCount,
-    DateTimeOffset GeneratedAt);
-
-public sealed record AttestationEvidence(
-    string AttestationId,
-    string Type,
-    string Digest,
-    string SignerKeyId,
-    bool SignatureValid,
-    DateTimeOffset SignedAt,
-    string? RekorLogIndex);
-
-public sealed record VexEvidence(
-    string VexId,
-    string Format,
-    string Digest,
-    string Source,
-    int StatementCount,
-    ImmutableArray<string> AffectedVulnerabilities);
-
-public sealed record ReachabilityEvidence(
-    string ProofId,
-    string VulnerabilityId,
-    string ComponentPurl,
-    ReachabilityStatus Status,
-    string? EntryPoint,
-    ImmutableArray<string> CallPath,
-    string Digest);
-
-public enum ReachabilityStatus
-{
-    Reachable,
-    NotReachable,
-    Inconclusive,
-    NotAnalyzed
-}
-
-public sealed record UnknownEvidence(
-    string UnknownId,
-    string ReasonCode,
-    string Description,
-    string? ComponentPurl,
-    string? VulnerabilityId,
-    UnknownSeverity Severity);
-
-public enum UnknownSeverity
-{
-    Low,
-    Medium,
-    High,
-    Critical
-}
-
-public sealed record ToolChainEvidence(
-    string ScannerVersion,
-    string SbomGeneratorVersion,
-    string ReachabilityEngineVersion,
-    string AttestorVersion,
-    string PolicyEngineVersion,
-    ImmutableDictionary<string, string> AdditionalTools);
--- a/src/__Libraries/StellaOps.Evidence/Models/ProofConclusion.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/ProofConclusion.cs
@@ -0,0 +1,32 @@
+namespace StellaOps.Evidence.Models;
+
+/// <summary>
+/// The conclusion drawn from a proof record.
+/// </summary>
+public enum ProofConclusion
+{
+    /// <summary>
+    /// The component is affected by the vulnerability.
+    /// </summary>
+    Affected,
+
+    /// <summary>
+    /// The component is not affected by the vulnerability.
+    /// </summary>
+    NotAffected,
+
+    /// <summary>
+    /// The vulnerability has been fixed in this component.
+    /// </summary>
+    Fixed,
+
+    /// <summary>
+    /// The effect is still under investigation.
+    /// </summary>
+    UnderInvestigation,
+
+    /// <summary>
+    /// The proof is inconclusive.
+    /// </summary>
+    Inconclusive
+}
--- a/src/__Libraries/StellaOps.Evidence/Models/ProofRecord.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/ProofRecord.cs
@@ -1,5 +1,4 @@
 // Licensed to StellaOps under the BUSL-1.1 license.
-
 using System.Collections.Immutable;

 namespace StellaOps.Evidence.Models;
@@ -72,42 +71,11 @@ public sealed record ProofRecord
    /// <summary>
    /// Gets additional attributes for extensibility.
    /// </summary>
-    public ImmutableDictionary<string, string> Attributes { get; init; } =
-        ImmutableDictionary<string, string>.Empty;
+    public ImmutableDictionary<string, string> Attributes { get; init; }
+        = ImmutableDictionary<string, string>.Empty;

    /// <summary>
    /// Gets the content-addressed digest of this proof for deduplication.
    /// </summary>
    public string? Digest { get; init; }
 }
-
-/// <summary>
-/// The conclusion drawn from a proof record.
-/// </summary>
-public enum ProofConclusion
-{
-    /// <summary>
-    /// The component is affected by the vulnerability.
-    /// </summary>
-    Affected,
-
-    /// <summary>
-    /// The component is not affected by the vulnerability.
-    /// </summary>
-    NotAffected,
-
-    /// <summary>
-    /// The vulnerability has been fixed in this component.
-    /// </summary>
-    Fixed,
-
-    /// <summary>
-    /// The effect is still under investigation.
-    /// </summary>
-    UnderInvestigation,
-
-    /// <summary>
-    /// The proof is inconclusive.
-    /// </summary>
-    Inconclusive
-}
--- a/src/__Libraries/StellaOps.Evidence/Models/ReachabilityEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/ReachabilityEvidence.cs
@@ -0,0 +1,20 @@
+using System.Collections.Immutable;
+
+namespace StellaOps.Evidence.Models;
+
+public sealed record ReachabilityEvidence(
+    string ProofId,
+    string VulnerabilityId,
+    string ComponentPurl,
+    ReachabilityStatus Status,
+    string? EntryPoint,
+    ImmutableArray<string> CallPath,
+    string Digest);
+
+public enum ReachabilityStatus
+{
+    Reachable,
+    NotReachable,
+    Inconclusive,
+    NotAnalyzed
+}
--- a/src/__Libraries/StellaOps.Evidence/Models/SbomEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/SbomEvidence.cs
@@ -0,0 +1,9 @@
+namespace StellaOps.Evidence.Models;
+
+public sealed record SbomEvidence(
+    string SbomId,
+    string Format,
+    string Digest,
+    string? Uri,
+    int ComponentCount,
+    DateTimeOffset GeneratedAt);
--- a/src/__Libraries/StellaOps.Evidence/Models/ToolChainEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/ToolChainEvidence.cs
@@ -0,0 +1,11 @@
+using System.Collections.Immutable;
+
+namespace StellaOps.Evidence.Models;
+
+public sealed record ToolChainEvidence(
+    string ScannerVersion,
+    string SbomGeneratorVersion,
+    string ReachabilityEngineVersion,
+    string AttestorVersion,
+    string PolicyEngineVersion,
+    ImmutableDictionary<string, string> AdditionalTools);
--- a/src/__Libraries/StellaOps.Evidence/Models/UnknownEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/UnknownEvidence.cs
@@ -0,0 +1,17 @@
+namespace StellaOps.Evidence.Models;
+
+public sealed record UnknownEvidence(
+    string UnknownId,
+    string ReasonCode,
+    string Description,
+    string? ComponentPurl,
+    string? VulnerabilityId,
+    UnknownSeverity Severity);
+
+public enum UnknownSeverity
+{
+    Low,
+    Medium,
+    High,
+    Critical
+}
--- a/src/__Libraries/StellaOps.Evidence/Models/VerdictReference.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/VerdictReference.cs
@@ -0,0 +1,15 @@
+namespace StellaOps.Evidence.Models;
+
+public sealed record VerdictReference(
+    string VerdictId,
+    string Digest,
+    VerdictOutcome Outcome,
+    string? PolicyVersion);
+
+public enum VerdictOutcome
+{
+    Pass,
+    Fail,
+    Warn,
+    Unknown
+}
--- a/src/__Libraries/StellaOps.Evidence/Models/VexEvidence.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/VexEvidence.cs
@@ -0,0 +1,11 @@
+using System.Collections.Immutable;
+
+namespace StellaOps.Evidence.Models;
+
+public sealed record VexEvidence(
+    string VexId,
+    string Format,
+    string Digest,
+    string Source,
+    int StatementCount,
+    ImmutableArray<string> AffectedVulnerabilities);